The Democratic Party's dangerous experiment

Computer scientists David Dill and Barbara Simons caution that the risks of Internet voting may outweigh any perceived benefits.

February 4, 20086:40 PM PST

As most of us now understand, paperless electronic voting is a really bad idea. But there is a still worse idea: voting over the Internet.

Voters may worry about whether voting machines were hacked by programmers or poll workers who have machines stored in their homes prior to an election. But with Internet voting, we must also worry about whether the system has been hacked by a teenager in Eastern Europe, organized crime, or even an unfriendly government. We must worry about network failure, denial-of-service attacks that shut down selected machines on the Internet, counterfeit Internet Web sites, and spyware or viruses on the computers used to cast votes. And we must worry about whether the people running the system are engaging in electronic ballot-stuffing.

Like whack-a-mole, Internet voting proposals have reappeared in different guises in the U.S. for much of the past decade. When an extremely ambitious U.S. Department of Defense proposal for Internet voting in the 2004 presidential election was reviewed by computer security experts, it was terminated because of security concerns documented by those experts--the same concerns that should cause all citizens to view any proposal for Internet voting with extreme skepticism.

Like whack-a-mole, Internet voting proposals have reappeared in different guises in the U.S. for much of the past decade.

Nonetheless, on Super Tuesday, the Democratic Party is going to deploy Internet voting. Democrats living outside the country will be treated as a 51st state, called Democrats Abroad, and will elect delegates to the convention. This approach adroitly sidesteps almost all regulation on election technology, which typically are matters of state, not Federal, law.

Internet voting won't even be subjected to the notoriously inadequate certification process that applies to almost every other voting system in the U.S. The organizers apparently maintain their confidence in the security of Internet voting by not consulting anyone who might, as happened in 2004, warn them of risks. (We know most, if not all, of the independent experts in Internet voting in the U.S., and none of them has been asked to examine this system.)

Security may not be the only issue with this system. On its Web page, Everyone Counts cites the recent "successful" election in Swindon, U.K, even though the U.K. Electoral Commission reports: "Electronic polling stations in Swindon proved more problematic, with many experiencing connectivity and application issues on polling day." For this and other reasons, the Electoral Commission recommended a moratorium on further e-voting trials in the U.K. until security and other concerns are resolved.

So, why should expatriate Democrats trust Everyone Counts with their votes? We don't know. What we've been able to discover in a few Internet searches is that the company was spun off from an Australian company (PDF) in 2003, and (as of two years ago) the majority shareholder is an Australian. In 2006, the company received an "injection of U.S. private equity" from an undisclosed source. We can't tell you which candidate, if any, the source of the private equity supports.

There are only a few delegates allocated to Democrats Abroad. So it is unlikely, but not impossible, that the delegate selection resulting from the Internet voting process will be decisive in choosing the Democratic nominee for president. Whatever the outcome, it will be impossible for a candidate to obtain a recount, because there will be no meaningful ballots to recount.

Even if Internet voting does not affect the presidential nomination, there is a big risk. Although no one will know if the votes were correctly recorded and counted, the "success" of this experiment will be cited as a reason to expand the use of Internet voting.

We understand that voting is unnecessarily difficult for many expatriate Americans. That is unacceptable. But it is also unacceptable to force citizens to trust their votes to a system that has not been demonstrated to be trustworthy. We need to consider more sensible and secure ways to assist Americans living abroad. For example, we might develop a uniform system for printing absentee ballots remotely, so that it is not necessary to mail ballots to voters weeks in advance. We might consider making deadlines for receiving voted ballots a bit more flexible. Perhaps ballots could even be delivered by FedEx or DHL.

This radically new and untested voting scheme was announced only a short time ago. Press coverage has been minimal and uncritical. Unfortunately, because voters planning to vote over the Internet no longer have time to obtain absentee ballots before the primary, it is too late to kill this dangerous proposal. We urge American expatriates to vote, however they can--even if it involves using this system--and then tell their representatives that paper ballots must be required in the future for all voters, including those outside the country.

Americans living abroad should not be treated as second-class citizens.